If end users authenticate with either single sign-on or secure form-based authentication, web traffic is decrypted as part of the authentication process, regardless of whether SSL decryption is enabled in the policy. There may be some categories with privacy implications where you do not want this decryption to occur, for example financial data sites.
To define a web category that is never decrypted during authentication on the SSL tab, under Authentication Decryption Bypass, select the category in the
Available categories list, and click the
> button to move it to the
Selected categories list.